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DETAILED ACTION 

Acknowledgements 

1 . This is in response to an amendment filed on July 1 8 th , 2008. Claims 1 and 50 have been 
amended. Claims 1, 5-10, 17, 22, 42, 50-52, and 55-59 are pending. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

3. Claims 1, 6-10, 17, 22, 42, 50-52, and 55-59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lewis et al. (U.S 6233565), in view of Rubin et al. (U.S 5809140). 

4. As per claims 1,6-10, 17, 22, 42, 50-52, and 55-59, Lewis et al. disclose an invention 
that comprises of the following: 

A. Interfacing with one or plurality of client system (col. 6, lines 49-56, col. 5, lines 30- 
32) ("a client system for interfacing with a plurality of users") 

B. A server communicating with client(s) over the internet (col. 5, lines 33-37). The 
server system can also be a combination of servers as shown in figure 2 and col. 7, 
lines 35-36 ("a server system for communicating with the client system over a 
communication network") 
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C. Server comprising a database (col. 5, lines 34) for retrieving customer/user 
information (col. 14, lines 55-61), the server is a Postal Secure Device (col. 13, lines 
36-37), and therefore the database that resides in the server is secure (col.31, 11.30-32) 
("a secure database remote from the users including a data record for each of 
the users") 

D. Server module includes services such as authentication (col. 24, lines 64, col. 28, 
lines 13-19), indicium generation (col. 28, 29-31) - Part of the indicium generation is 
to process the value/rate of indicium (col. 31, lines 30-32, lines 41-44). The services 
are performed by a collection of routines and data structures that performs a particular 
task or implements a particular abstract data type. For example, system includes an 
authentication (col. 4, lines 20-23), a hash module for performing a hash algorithm 
based on an input data (col. 5, lines 12), encryption/decryption module for encrypting 
and decrypting at least one of the client private key and client public key based on 
said hash (col. 5, lines 15-17) - Invention also includes that the module is an 
executable program (col. 33, line 7) - ("a plurality of cryptographic modules, each 
of the plurality of cryptographic modules for authenticating, processing value 
for the VBI, and generating indicia data for the plurality of users, wherein 
before each of the authentication, processing value, and generating indicia data 
for a given user is performed, the respective cryptographic module retrieves the 
data record for the given user directly from the database") 

E. Each transaction/transaction request is recorded/stored in the transaction database 
(col. 4, lines 28-30). The current transaction/request is the first set of transaction. 
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("database stores a first set of one or more last database transactions") - During 
each transaction for postage, the user's account is debited for the transaction 
amount/postage (col. 12, lines 23-30). If the postage exceeds the available amount 
(second set of previous transactions), an insufficient postage/funds error is given to 
the user, thereby preventing the current transaction to take place ("prevents further 
database transactions if the second set of one or more last transaction") (col. 19, 
lines 33-36) (there has to be a comparison between the amount requested/first 
transaction and the available amount/previous transaction in order to determine 
whether or not the amount is sufficient; retrieving the sets of data is also inherent) 
("modules stores a second set of one or more last database transactions for 
comparison with the first set of one or more last database transactions stored in 
the database to verify each database transaction") 

F. Updating record in a database (col. 11, lines 37, col. 16, lines 40, col. 17, line 31, 59, 
col. 18, line 7, col. 36, line 15) ("updating, and storing back in the database, the 
updated data record for the given user after generating indicia data for the given 
user") 

G. The prior art contains Structured Query Language/relational database (col. 14, lines 
55-61), which necessarily has tables ("the database stores a table including the 
respective information about a last transaction and a verification module to 
compare the information saved in the module with the information saved in the 
database") 
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H. Periodic backup of the data stored in the database (col. 19, lines 27-32), in a log 
server (col. 12, lines 63-67 - see also table I, in column 7-10) ("back up database 
server connected to the server system for periodically backing up the data stored 
in the database in a back up database") 

/. Server module to encrypt sensitive information in the severs (col. 24, lines 54-67) - 
("cryptographically protected transaction log stored in the back up database") 

J. Determining the validity of transaction data (col. 25, lines 20-22) ("data 

validation. . .", the server automatically records various data and stores them on the 
log server (col. 35, lines 52-54) - Implicitly, data can automatically be recovered 
("auto-recovery subsystem...") 

K. If a module/computer code enters the Error State, the module will no longer perform 
cryptographic functions (col. 34, lines 2-6, col. 24, lines 10-15) ("a computer 
executable code for detecting errors and preventing a compromise of data or 
critical cryptographic security parameters as a result of the errors") 

L. A Postal security device/subsystem (col. 3, line 59), which resides in Remote Service 
Provider (RSP) server (col. 3, lines 65-66) ("one or more of a postal server 
subsystem, a provider server subsystem"), a transaction/commerce 
server/subsystem taking place over the internet (col. 4, lines 12-16) ("e-commerce 
subsystem"), a staging server/subsystem (col. 18, line 23) ("staging subsystem"), 
client support functions (col. 21, line 63) ("a client support subsystem") - On a 
periodic basis (e.g., 12:00 midnight every day) the server 4 system can run an agent 
that reviews all log database tables that have changed during the prior 24-hour period. 
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Any changes that have been made are analyzed and matched to the customer record 
found in the Master Database 305. Purchase, spoilage, and refund information will be 
marked for a batch transmission to TPS (col. 37, lines 54-60) - In that sense, the 
system helps with analysis and decision making, and is therefore a Decision Support, 
System (Per above definition) ("a decision support subsystem"), E-mail capability 
(col. 11, lines 44), in a TC/IP environment (col. 5, lines 59-62) - SMPT is inherent 
("a SMTP subsystem"), filter out traffic, except to a particular address (address 
matching) (col. 8, lines 26-27) ("an address matching service subsystem"), Secure 
Socket layer for securing transactions (col. 14, lines 38-39, col. 15, lines 45, col. 29, 
line 60) ("a SSL proxy server subsystem") and a web server (col. 7, line 36, col. 8, 
line 12, col. 11, line 31) ("and a web server subsystem") 
Lewis, however did not explicitly teach a system that makes uses of stateless devices. 
However, Rubin's an invention teaches stateless devices which include only limited memory, 
processing and input/output capabilities (C4, LI -2). According to Rubin, the present 
invention is also particularly well-suited for use with multiple servers corresponding to 
multiple replications of the above-described stateless server (C10, L7-10). The stateless 
device stores a secret/private key (C3, L56). 

Therefore it would have been obvious for one skilled art at the time of applicant's invention 
to employ stateless devices in certain instances because on of the advantage of using stateless 
devices is that they don't rely on previous information (claims 3, 12, 17). 
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Claim Rejections - 35 USC §103 

5. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

6. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lewis et al. (U.S 
6233565), in view of Rubin et al. (U.S 5809140), and in further view of Bosen et al. (U.S 
5060263). 

As per claim 5, the invention by Lewis and Rubin has previously been disclosed. 

7. Although Lewis et al. teaches the aspect of obtaining a password from the user (col. 2, 
line 35, col. 5, line 12), Lewis et al. did not explicitly describe asynchronous dynamic password. 
However, Bosen et al. teaches the aspect of asynchronous dynamic password (column 2, lines 1- 
14, col. 4, lines 6-14). Therefore, it would have been obvious for one of ordinary skill in the art 
at the time of the applicant's invention to construct a system that would employ asynchronous 
dynamic password. According to Bosen et al, one skilled in the art would have been motivated 
to do because asynchronous dynamic password reduces the number of keystrokes required of its 
users, and yet provides a much higher level of security than previous systems (col. 4, lines 9-1 1). 
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Response to Arguments 

Applicant's arguments with respect to claims 1, 5-10, 17, 22, 42, 50-52, and 55-59 have 
been considered but are moot in view of the new ground(s) of rejection, necessitated by 
applicant's amendment. 

Conclusion 

8. THIS ACTION IS MADE FINAL. Any new ground(s) of rejection is due to the 
applicant's amendment. Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

9. A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO MONTHS 
of the mailing date of this final action and the advisory action is not mailed until after the end 
of the THREE-MONTH shortened statutory period, then the shortened statutory period will 
expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to EVENS J. AUGUSTIN whose telephone number is 571-272- 
6860. The examiner can normally be reached on 10am - 6pm M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on (571)272-6779. 
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/Evens J. Augustin/ 
Evens J. Augustin 
November 4, 2008 
Art Unit 3621 



